The users of the private network cannot access the Internet server due to the incorrect mask configuration.

Publication Date: 2012-07-27Views: 116Downloads: 0

Issue Description

Networking:user----(NAT)NE40----NE80----server(Internet);

Description:the NAT users under NE40 cannot access some Internet server under NE80,but the other Internet access is normal.

Alarm Information

Null

Handling Process

1、the configuration is correct,the users can go on line normally,so does the Internet server.

2、recheck the configuration, and detect the address of NAT address pool and Interface server is similar, so we hesitate the Internet server mask is too large. After check, ensure the condition. So the packets of the Internet server cannot be forwarded to NE40.

3、reconfigure the mask of the Internet server correct the problem is solved.

Root Cause

The address pool of NAT is 211.*.2*0.33, the server address is 211.*.2*0.100, the mask is 255.255.255.0，the address of the server and that of the NE40 NAT address pool belong to the same network segment. As the users access these servers, because NE40 does NAT，so the source address used by the packet received by the server is that of the NAT address pool. As the server responds the users, it thinks the users and itself belong to the same network segment, it will send ARP request, instead of sending the packets to gateway NE80 to forward. These ARP packets are impossible to be received, so the NAT users cannot communicate with the server, while the other Internet access is normal.